How to set up a Mac securely on OS X 10.11 Sierra (El Capitan)

We've recently upgraded our computer stock with a bunch of new (old) Mac Pros. These are the last computers which Apple built which can be upgraded (storage, memory, GPU, CPU in order of complexity). So I've updated our guide on deploying new Macs. I've often been asked about our special sauce for securing Macs and deploying them quickly so I've publishing this as a starting point for others.

Despite the title stating that this covers how to set up a Mac securely on OS X, it hasn't really been possible to secure a Mac since the App Store came into being (OS X 10.6.6 I believe). OS X 10.5.8 may be the last really secure full version of OS X ever created. Coincidentally Apple joined Prism in 2012.

Still one can make a good effort to make one's computer far less chatty. If you really want to be secure, don't use the app store at all and download your OS X updates. If you want to be a little bit secure, you have to avoid iCloud completely. Just ask the beautiful Jennifer Lawrence how iCloud turned out for her (I had no idea she was so sexy until those pics showed up).

One major step which helps is to turn off all Sharing services (System Preferences:Sharing) and to turn on your Firewall. Of course this means you can't do any home networking or intranet networking in the office. On the other hand, neither can any hackers. So if one machine goes down, the issue remains isolated. For the number of times we have to move a large file, it's usually big enough these days that the fastest way to move it would be sneakerware. Otherwise most of our networking takes place on the cloud and in the SAAS applications we use. Just get rid of networking unless you really need it.

Witch or alternatively change the keyboard shortcut for switching between application windows to option-tab

Typinator: it's great text expander. Add license. Note: one only needs to pay once and if one wants to renew updates after two years you can pay again. Every business needs text expansion. Shared team online text expansion would be great but I have to ask Ergonis to add it (outside of iCloud of course).

Spectacle, default configuration is fine except when using some video editing or high end photo programs who might use some of the same shortcuts.

I haven't added SnapNDrag as one can do most screen capture with either built-in shortcuts or Acorn and we're experimenting with other screen capture utilities. But if you do a lot of screen captures, SnapNDrag is really solid.

Turn off system notications from noisy apps so you can work (application by application). Ideally just choose None and turn off play sound.

Not included in Basic Install

Apps not added yet include CSSEdit, photoapps like Iridient Developer, CaptureOne or video editing software like FCPX or Davinci Resolve. Or programing environments like SublimeText or Eclipse.

I have also not included complex software such macro programs like KeyboardMaestro which not everybody might like. Or even LaunchBar which I can't live without (many people get by with the dock and spotlight).

VPN options are also not covered. Ideally people would just be using the PPTP built into Mac OS X (Witopia for instance).

Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.